TLS 1.2 error Ignored unknown record

asked 2019-09-23 17:42:36 +0000

jeffkim3

Hi, when I look up the pcap, I see a lot of TLS errors.


Comments

If I don't have enough points, how can I upload files?

jeffkim3 ( 2019-09-23 18:47:49 +0000 )

You can upload files to any public file sharing service (like box, dropbox, onedrive or google drive) and paste the link to it here. Please make sure you have anonymized and scrubbed the file before uploading it if it contains any sensitive data.

SYN-bit ( 2019-09-23 20:35:59 +0000 )

1 Answer


answered 2019-09-23 20:34:36 +0000

SYN-bit

When you see a lot of "Ignored unknown record" messages, it usually means reassembly is failing at some point. Can you make sure you have set the following protocol preferences:

  • Make sure checksum checking is off at the Ethernet, IP and TCP layer (as a checksum error will stop reassembly)
  • Make sure "Allow subdissectors to reassemble TCP streams" is enabled in the TCP protocol preferences
  • Make sure "Reassemble TLS records spanning multiple TCP segments" is enabled in the TLS protocol preferences
  • Make sure "Reassemble TLS application data spanning multiple TCP records" is enabled in the TLS protocol preferences

Comments

Thanks for your quick reply.

I am not sure you can access my one drive link

https://nowcomcorporation-my.sharepoi...

https://nowcomcorporation-my.sharepoi...

jeffkim3 ( 2019-09-23 20:49:02 +0000 )

Hi SYN-Bit,

Could you let me know where I can check the requirements you mentioned?

Server side or end user side? Or network device?

jeffkim3 ( 2019-09-23 20:55:12 +0000 )

The settings I mentioned are settings in Wireshark :-)

You can edit them by going to "Preferences" -> "Protocols" and then the mentioned protocols

BTW I am not able to access the files, I think you will have to make them "public" for other people to see them without having to log in.

SYN-bit ( 2019-09-23 21:24:44 +0000 )

Hi Sake,

I can't share the link because of our company policy.

jeffkim3 ( 2019-09-23 22:56:54 +0000 )
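
Why the reassembly and checksum settings in the answer above matter, as an added example that is not part of the original thread and is not Wireshark's code: a simplified Python model of a TLS record parser run over constructed TCP segments. The function names, the sample stream and the `bad_checksum` parameter are assumptions made for illustration.

```python
import struct

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
UNKNOWN = "Ignored Unknown Record"

def tls_record(ctype, payload, version=0x0303):
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def dissect(segments, reassemble=True, bad_checksum=()):
    """Label the TLS records found in a list of TCP segment payloads.

    Simplified model (assumption): with reassemble=True a partial record is
    buffered until the rest arrives; a segment whose index is listed in
    bad_checksum is skipped and the buffered state is discarded.
    """
    labels, buf = [], b""
    for i, seg in enumerate(segments):
        if i in bad_checksum:
            buf = b""  # reassembly stops at the segment with the checksum error
            continue
        data = (buf + seg) if reassemble else seg
        buf = b""
        while data:
            header_ok = len(data) >= 5
            if header_ok:
                ctype, version, length = struct.unpack("!BHH", data[:5])
                if ctype not in TYPES or version >> 8 != 3:
                    labels.append(UNKNOWN)  # bytes are mid-record, not a header
                    break
            if not header_ok or len(data) < 5 + length:
                if reassemble:
                    buf = data  # wait for the following segments
                else:
                    labels.append(TYPES[ctype] + " (truncated)" if header_ok else UNKNOWN)
                break
            labels.append(TYPES[ctype])
            data = data[5 + length:]
    return labels

def sample_segments(mss=1460):
    # Constructed stream: a 10-byte handshake record followed by one
    # 3000-byte application_data record, cut into MSS-sized TCP segments.
    stream = tls_record(22, b"\x01" * 10) + tls_record(23, b"\xaa" * 3000)
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]

if __name__ == "__main__":
    segs = sample_segments()
    print(dissect(segs, reassemble=True))
    print(dissect(segs, reassemble=False))
    print(dissect(segs, reassemble=True, bad_checksum={1}))
```

In this model the "Ignored Unknown Record" labels appear only when a segment that starts in the middle of a record is parsed as if it began with a record header, which is what happens once reassembly is off or has been interrupted.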


Stats

Asked: 2019-09-23 17:42:36 +0000

Seen: 63,557 times

Last updated: Sep 23 '19